Building Controls and Your Ethernet Network (AN0903A)

Application Note—AN0903A

Building Controls & Your Ethernet Network

A Brief on Building Automation KMC Controls designs and manufactures products intended for HVAC (heating, ventilation, air condition- ing) control and related facility automation functions. These building automation systems (BAS) utilize direct digital controllers (DDC), some of which can reside on your existing Ethernet network. It is, therefore, important for you to understand the nature of the traffic created by our DDC products.

Only our Tier 1 controllers reside on the Ethernet LAN. Tier 2 controllers and devices are connected via RS-485 networking. All controllers use “points” of data (such as input from a sensor) to perform their control function. The controllers are governed by our facility management software packages (WinControl or Acuity). Finally, rest assured that all KMC control systems are installed by trained and knowledgeable KMC partners who are authorized controls contractors.

Bandwidth Utilization It is not possible, due to system variability, to affix a specific number here. In general terms, however, our controllers take only a minutely small portion of your Ethernet bandwidth. Some bandwidth usage is Fixed, other usage is Dynamic, and still other usage is User-Defined. With regard to Fixed usage, each controller is set to send and receive data only every 20 to 30 seconds. This traffic probably accounts for no more than 6 Kb at peak while at most times it is idle. Dynamic usage refers to alarm conditions. These exceptions occur rarely; even in large and complex automation systems. In addition, each alarm will account for only up to several hundred bytes or so of bandwidth. User- defined traffic is more unpredictable. Users can set up WinControl or Acuity to have the controllers accessed Audience: Information technology professionals and perform any number of tasks. Again, even at peak, however, this traffic accounts for only a small Scope: This document discusses the use of percentage of your available Ethernet traffic band- digital building control systems on existing width. facility Ethernet infrastructures.

(See Network Usage and Bandwidth Calculation below for Purpose: Understand the minimal impact that further information.) our digital product line has on your network. Network Usage—A Summary ◆ A Network Status UDP packet (40 bytes, UDP datagram) is sent every 23 seconds to each Ether- net connected controller in the system. ◆ A Network Points packet (0 to 528 bytes, UDP datagram) is sent every 24 seconds to each Ether- net connected controller in the system. ◆ Alarms (up to 1400 bytes, UDP datagram) are sent to each Ethernet connected controller as they occur. Multiple alarms will be concatenated into one message. These same packets are directed to each operator workstation that is both logged in and set to receive such alarms. ◆ Operator requests (24 bytes, UDP datagram) are directed to the desired controller. Replies can be up to 1400 bytes. ◆ Operator sends can be up to 1400 bytes (UDP datagram); controllers acknowledge with a 15-byte UDP datagram. ◆ The building operator determines and controls the frequency of activity. Operator workstation refresh rates can be set as often as once per second, In addition, multiple windows may be open simultaneously. Only those windows which are in Update mode (as opposed to View mode), generate network traffic. However, workstations can also be programmed to maintain historical files known as trend logs. Workstation settings determine the number of trend logs and the frequency of updates. Trend log packets (UDP datagrams) are 1400 bytes. ◆ Packets transmitted on the same Ethernet sub-network are fragmented at the Maximum Transmis- sion Unit (MTU) size set at the controller level (not related to your network MTU size). Default size is 1500 bytes. ◆ Routers and gateways have a tendency to “forget” our controllers on the system, deleting the controllers from routing tables. Therefore, our Tier 1 controllers will “ping” these devices every two minutes.

Bandwidth Calculation While not meant to be definitive or comprehensive, the following formula can provide you with a general bandwidth calculation for controller-to-controller bandwidth.

max. bandwidth per controller = 3000 bytes X (number of Tier 1 controllers in system – 1) every 25 seconds This formula does not account for Dynamic or User-Defined traffic.

Protocols, Ports & Broadcasting Protocols Supported ◆ Internet Protocol (IP) over Ethernet ◆ Internet Control Message Protocol (ICMP) ◆ Universal Datagram Protocol (UDP) ◆ Address Resolution Protocol (ARP) ◆ BACnet (IP, MSTP, Ethernet 802.3) ◆ Proprietary protocol (encapsulated in UDP)

Port Numbers Used ◆ Our system uses ports 21068, 21069, 21080, and 21081 to send and receive UDP packets from either our software front end or our OPC server. ◆ Responses are directed to the requesting port number. Broadcasting ◆ In the traditional sense of the word, KMC controllers do not perform any broadcasting functions. ◆ ARP messages are used whenever a given Tier 1 controller needs to determine the MAC address of other controllers. This “broadcast” ARP is of no consequence to the remainder of your Ether- net network. ◆ We generally recommend that out Tier 1 controllers be designated as “broadcast servers” in our facility management software. Once again, however, this traffic is only from controller to controller. ◆ All UDP transmissions are directed (no broadcasts).

Security It is impossible to foresee all potential security risks. That said, our controllers pose little threat to your network in terms of security. Our Tier 1 controllers have no user-accessible operating system, no file structure, and no user-accessible storage media. In addition, the vast majority of our systems are built on our proprietary protocol.

Even in the worst case scenario (knowledgeable DDC specialist with access to the software front end) it is not possible to “hack into” our controllers and propagate anything to the remainder of the Ethernet network. At most, such a motivated individual could only influence the performance of a particular controller and its connected equipment.

KMC offers a Tier 1 controller, known as WebLite (KMD-5270), which incorporates a built-in HTTP server. This controller requires an IP address and can send out emails and serve up web pages (using TCP/IP and HTTP protocols). However, like our other Tier 1 controllers, it has no provision to receive and/or propagate infected files.

KMC Controls, Inc. 19476 Industrial Drive © 2003 KMC Controls Inc. WinControl is a registered trademark and Acuity and WebLite are trademarks of KMC Controls. New Paris, IN 46553 Specifications and controller design parameters are subject to www.kmccontrols.com change without notice.